What is CVE-2026-22663?

CVE-2026-22663 is a high-severity vulnerability in F Prompts.chat, classified under Missing Authorization. CVSS score: 7.5/10. Published 2026-04-03.

How severe is CVE-2026-22663?

High severity. CVSS v3 base score is 7.5 out of 10.

Auth bypass in F Prompts.chat

CVE-2026-22663

prompts.chat prior to commit 7b81836 contains multiple authorization bypass vulnerabilities due to missing isPrivate checks across API endpoints and page metadata generation that allow unauthorized users to access sensitive data associated…

Vulnerability class: Broken Access Control

EPSS: 0.000 (13.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N.

Affected products

F Prompts.chat — versions 0

Weakness classification (CWE)

CWE-862 — Missing Authorization

References

github.com/f/prompts.chat/pull/1104 (issue-tracking)
github.com/f/prompts.chat/commit/7b81836b214f2796aaf37ded2944eadc978afd35 (patch)
www.vulncheck.com/advisories/prompts-chat-authorization-bypass-information-disc… (third-party-advisory)

Frequently asked questions

What is CVE-2026-22663?: CVE-2026-22663 is a high-severity vulnerability in F Prompts.chat, classified under Missing Authorization. CVSS score: 7.5/10. Published 2026-04-03.
How severe is CVE-2026-22663?: High severity. CVSS v3 base score is 7.5 out of 10.